When the owner of a small computer and electronics supplier in Northern California started getting irate calls from vendors who hadn’t been paid, he was baffled. Given his up-to-date credit history, this made no sense. Then the small business owner began to investigate. What he learned shocked him.
“He found out that crooks had almost completely cloned his business, placing tens of thousands of dollars worth of orders from his suppliers, and then disappeared,” recounts Neal O’Farrell, executive director of The Identity Theft Council, a nonprofit that provides support to identity theft victims.
“They had a completely cloned version of his website, but with a domain name slightly different than his,” O’Farrell explains. “The thieves provided an 800 number that answered in the name of his business and included voicemail boxes for all his key employees so anyone calling that number would recognize the key staff and therefore assume the number was legitimate. They also created an e-mail address very similar to that of the business owner and included it in every correspondence with suppliers.”
The grand-scale deception finally ended after O’Farrell and his team started deleting some of the domains registered to the thieves. But it wasn’t easy. No sooner would one disappear than several other domains similar to the original legitimate one would pop up out of nowhere.
“It was obviously organized and targeted, with the thieves devoting a considerable amount of time researching this very small business and planning their attack,” continues O’Farrell. “We still have no idea who was behind the attack and why they picked on this largely unknown business.”
No, this is not a sequel to the Bourne Identity franchise, even though it certainly has the makings of an action-packed thriller. It really happened. And if you’ve ever had any doubts as to what constitutes business identity fraud, which is when the identity of a business is stolen and then used to establish several lines of fraudulent credit, leaving the real business with the bill, the aforementioned case is a classic example.
In the small business world, business identity fraud has become surprisingly common. According to 2011 Javelin Strategy & Research's Small Business Owners Identity Fraud Report, in 2010 small businesses lost roughly $8 billion to fraud. Unfortunately, because of the easy accessibility of business information, including website data, company name, and staff rosters, O’Farrell says it’s “almost impossible” to prevent these types of crimes from occurring. But there are ways that a small business owner can minimize the risk of being a target for business identity thieves. The following is a sample of eigth important tips:
Limit computer use at work for business purposes
When there’s a work lull, an employee might use his or her computer to download music and games or dabble in social media. Although these may seem like harmless activities, it could open the door to a modern day cyber-evil—hacking.
“All too often these employees unwittingly download keystroke logging malware when they search for these items,” explains Steve Weisman, a business identity fraud expert who’s the author of “50 Ways to Protect Your Identity in a Digital Age” and the publisher of the Scamicide blog, which provides updated information on identity theft schemes. “This malware is able to steal all of the information from their computer.”
Frequently, a business identity theft perpetrator might be a current or former employee, someone who might have access to sensitive financial documents or information (such as a CEO’s signature). In this instance, an unscrupulous employee could alter the amount of a company check, forge a signature and then cash it at a bank, pilfering the amount for him or herself. It’s a kind of theft that Christine Lee Smith, who runs CLS Photography, a wedding portrait and photography business in Long Beach, California, knows about all too well, having experienced it a while back.
“An independent contractor we hired to do some photo editing cashed a check we used to pay his invoices for $200 more than we wrote it for, at a local hardware store,” she recounts. The experience was an eye-opener for Smith, who has been operating her business for nearly seven years. Although she was lucky enough to get her money back, she now uses secure electronic payment for all business-related matters. She also advises other small business owners to use credit cards for purchases as well.
With these options, “you protect your financial information without sacrificing efficiency,” insists Smith. “They can also help you keep a more accurate account of what is coming in and out of your account, as transfers may occur more quickly than paper check processing.”
Google your business name regularly
O’Farrell strongly stresses doing this as a safeguard to protect your small business against identity fraud. Also, “check your domain name regularly, just in case someone else is using it or something similar publicly,” he suggests. “Maybe create a Google Alert for your business name.”
Befriend a local banker
Chances are more than likely that you, as a small business owner, may not know what to look out for when ferreting out identity fraud. Your banker, as a skilled financial professional, might know the telltale signs that could surface in your business documents. He or she “can help you navigate difficult situations, should identity fraud occur,” advises Smith.
Shred all-important documents set to be discarded
When looking for their next target, thieves feed on information. Don’t give them any ammunition. Or as Weisman, a lawyer by trade, says, “Identity thieves are dumpster divers.” If you no longer need them or require them in your possession, then you should destroy all documents either about your business or customers that contain any “identifying information,” such as tax identification numbers, passwords, bank account information, and credit card information.
To underscore his point, Weisman suggests using a “cross shredder” because “identity thieves have actually been known to piece together vertically shredded material.”
Review your business credit report
As in the case of Googling your business name, O’Farrell recommends this as an important best practice. “This will help detect any suspicious credit activity,” he says. Examples of the latter include new credit applications and accounts as well as changes to phone numbers, office addresses, and key personnel.
“These all suggest that thieves are already committing fraud in the name of the business or are doing the groundwork,” notes O’Farrell.
Change computer passwords frequently
Cyber thieves are specialists when it comes to stealing passwords to vital business information and then using it for their own illicit gain. Protect yourself by changing your business password frequently. Also, immediately deactivate passwords for terminated employees, urges Weisman.
Hire a trusted accountant or bookkeeper
To further shield your business from identity fraud, having an additional set of eyes on staff is another key takeaway. In this vein, an accounting professional can be instrumental in “helping you catch suspicious account activity so that the responsibility is not solely on your shoulders,” notes Smith.
Preventing your small business from being hijacked by thieves might be difficult given the persistence and cunning of hucksters; however, you might be able to keep the possibility at bay by observing the above measures. You’ve worked hard to build up your business. Why sacrifice it all to accommodate criminals?